api: forbid login when api is disabled (fixed)

This commit is contained in:
Andrew Dolgov 2009-12-16 14:56:46 +03:00
parent 4cdd0d7ca3
commit 2bebdd344b
1 changed files with 9 additions and 2 deletions

View File

@ -58,14 +58,21 @@
$login = db_escape_string($_REQUEST["user"]); $login = db_escape_string($_REQUEST["user"]);
$password = db_escape_string($_REQUEST["password"]); $password = db_escape_string($_REQUEST["password"]);
if (get_pref($link, "ENABLE_API_ACCESS", $login)) { $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) != 0) {
$uid = db_fetch_result($result, 0, "id");
} else {
$uid = 0;
}
if (get_pref($link, "ENABLE_API_ACCESS", $uid)) {
if (authenticate_user($link, $login, $password)) { if (authenticate_user($link, $login, $password)) {
print json_encode(array("uid" => $_SESSION["uid"])); print json_encode(array("uid" => $_SESSION["uid"]));
} else { } else {
print json_encode(array("error" => "LOGIN_ERROR")); print json_encode(array("error" => "LOGIN_ERROR"));
} }
} else { } else {
logout_user();
print json_encode(array("error" => "API_DISABLED")); print json_encode(array("error" => "API_DISABLED"));
} }